Re: [Nagios-users] check_smtp und SMTPS
Kevin, Kevin Keane schrieb: Dirk H. Schulz wrote: Marc Powell schrieb: On Mar 20, 2009, at 9:57 AM, Dirk H. Schulz wrote: Hi Folks, I am trying to check a mailserver using SSL: ./check_smtp -H my.server.tld -S -p 465 CRITICAL - Socket timeout after 10 seconds ./check_tcp -H my.server.tld -p 465 TCP OK - 0.002 second response time on port 465|time=0.001616s;;; 0.00;10.00 SMTPS ist in productive use on that server, as you can see check_tcp can reach the port, but check_smtp claims not to reach the SMTPS service. It seems to work as advertised. What do you see with verbose mode for check_smtp -- check_smtp -H my.server.tld -S -p 465 -v HELOCMD: EHLO nagios.server.tld CRITICAL - Socket timeout after 10 seconds That is all. It looks like check_smtp sends a EHLO but does not get anything back. Strange. I have to check with kerio support, I guess. Dirk You are using the wrong plugin. check_smtp does not understand SSL-protected SMTP. Use the check_ssmtp plugin instead; that is what I am using for this purpose. The -S option turns on TLS (also known as starttls), not SSL. They are *almost* the same, with one critical difference: with TLS, the initial conversation (the EHLO and one or two more commands and responses) occurs in plain text, and THEN the client and the server negotiate encryption. That way, you can run encrypted and unencrypted traffic at the same time over the same port (25 or 587). On port 465, the server turns on encryption first, and then expects the EHLO to already be encrypted. Thanks for your detailled explanation - that was what I needed to know. check_ssmtp works fine for my environment. Dirk -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_smtp und SMTPS
Marc Powell schrieb: On Mar 20, 2009, at 9:57 AM, Dirk H. Schulz wrote: Hi Folks, I am trying to check a mailserver using SSL: ./check_smtp -H my.server.tld -S -p 465 CRITICAL - Socket timeout after 10 seconds ./check_tcp -H my.server.tld -p 465 TCP OK - 0.002 second response time on port 465|time=0.001616s;;; 0.00;10.00 SMTPS ist in productive use on that server, as you can see check_tcp can reach the port, but check_smtp claims not to reach the SMTPS service. It seems to work as advertised. What do you see with verbose mode for check_smtp -- check_smtp -H my.server.tld -S -p 465 -v HELOCMD: EHLO nagios.server.tld CRITICAL - Socket timeout after 10 seconds That is all. It looks like check_smtp sends a EHLO but does not get anything back. Strange. I have to check with kerio support, I guess. Dirk -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_smtp und SMTPS
Dirk H. Schulz wrote: Marc Powell schrieb: On Mar 20, 2009, at 9:57 AM, Dirk H. Schulz wrote: Hi Folks, I am trying to check a mailserver using SSL: ./check_smtp -H my.server.tld -S -p 465 CRITICAL - Socket timeout after 10 seconds ./check_tcp -H my.server.tld -p 465 TCP OK - 0.002 second response time on port 465|time=0.001616s;;; 0.00;10.00 SMTPS ist in productive use on that server, as you can see check_tcp can reach the port, but check_smtp claims not to reach the SMTPS service. It seems to work as advertised. What do you see with verbose mode for check_smtp -- check_smtp -H my.server.tld -S -p 465 -v HELOCMD: EHLO nagios.server.tld CRITICAL - Socket timeout after 10 seconds That is all. It looks like check_smtp sends a EHLO but does not get anything back. Strange. I have to check with kerio support, I guess. Dirk You are using the wrong plugin. check_smtp does not understand SSL-protected SMTP. Use the check_ssmtp plugin instead; that is what I am using for this purpose. The -S option turns on TLS (also known as starttls), not SSL. They are *almost* the same, with one critical difference: with TLS, the initial conversation (the EHLO and one or two more commands and responses) occurs in plain text, and THEN the client and the server negotiate encryption. That way, you can run encrypted and unencrypted traffic at the same time over the same port (25 or 587). On port 465, the server turns on encryption first, and then expects the EHLO to already be encrypted. -- Kevin Keane Owner The NetTech Find the Uncommon: Expert Solutions for a Network You Never Have to Think About Office: 866-642-7116 http://www.4nettech.com This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof. -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_smtp und SMTPS
Hi Folks, I am trying to check a mailserver using SSL: ./check_smtp -H my.server.tld -S -p 465 CRITICAL - Socket timeout after 10 seconds ./check_tcp -H my.server.tld -p 465 TCP OK - 0.002 second response time on port 465|time=0.001616s;;; 0.00;10.00 SMTPS ist in productive use on that server, as you can see check_tcp can reach the port, but check_smtp claims not to reach the SMTPS service. I have googled a lot and found that I am not the only one with this problem, but found no solution. Any takers? Thanks in advance, Dirk -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_smtp und SMTPS
On Mar 20, 2009, at 9:57 AM, Dirk H. Schulz wrote: Hi Folks, I am trying to check a mailserver using SSL: ./check_smtp -H my.server.tld -S -p 465 CRITICAL - Socket timeout after 10 seconds ./check_tcp -H my.server.tld -p 465 TCP OK - 0.002 second response time on port 465|time=0.001616s;;; 0.00;10.00 SMTPS ist in productive use on that server, as you can see check_tcp can reach the port, but check_smtp claims not to reach the SMTPS service. It seems to work as advertised. What do you see with verbose mode for check_smtp -- $ ./check_smtp -H myserver -S -p 587 -v 220 myserver ESMTP Postfix SMTP OK - 0.088 sec. response time, 220 2.0.0 Ready to start TLS IPELINING 250-SIZE 5120 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN |time=0.087640s;;;0.00 -- Marc -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null